I am installing istio version 1.1.5 on Azure kubernetes services. i have followed the installation procedure mentioned in this istio site isito installation
I have installed istio-demo installation pack. after successful installation,few resources are not starting...
NAME READY STATUS RESTARTS AGE
grafana-6b849f66c8-hfn24 1/1 Running 0 10h
istio-citadel-6f958bff99-r4jdj 1/1 Running 0 10h
istio-galley-64867c7ddc-jggxx 1/1 Running 0 10h
istio-grafana-post-install-1.1.5-8mstl 0/1 Completed 0 10h
istio-ingressgateway-5f9765f889-gpvt2 0/1 Running 0 10h
istio-init-crd-10-8s7ng 0/1 Completed 0 10h
istio-init-crd-11-jdgrd 0/1 Completed 0 10h
istio-pilot-ff9d76fd8-5zz89 1/2 Running 0 10h
istio-policy-6d5fff9559-qdgqw 1/2 CrashLoopBackOff 225 10h
istio-sidecar-injector-847bcc5744-lgtzd 1/1 Running 0 10h
istio-telemetry-795546db77-sqr5j 1/2 CrashLoopBackOff 221 10h
istio-tracing-595796cf54-x78qr 1/1 Running 0 10h
kiali-5c584d45f6-q54kw 1/1 Running 0 10h
prometheus-5fffdf8848-7ddkw 1/1 Running 0 10h
when i checked the pod description of istio-ingressgateway-5f9765f889-gpvt2, I am getting below error..
Readiness probe failed: HTTP probe failed with statuscode: 503
similarly for other pod istio-telemetry-795546db77-sqr5j , I am getting below error.
Liveness probe failed: Get http://10.40.226.41:15014/version: dial
tcp 10.40.226.41:15014: connect: connection refused
I have enabled rewriteAppHTTPProbe=true but no luck..
Same issue was already discussed here
Istio is overwhelming the API server on startup.
To fix it you need to add --useAdapterCRDs=false to the args of the mixer container in the policy_container and telemetry_container sections.
Related
I am trying to build a packer image for a digital ocean droplet, however when the build process finishes, it fails to create image (from what I can tell, that is a Cloudflare IP)
Any idea why this is happening or what I can do to investigate it further?
==> digitalocean: Gracefully shutting down droplet...
==> digitalocean: Error shutting down droplet: Post https://api.digitalocean.com/v2/droplets/198964166/actions: read tcp 10.0.2.15:44558->104.16.181.15:443: read: connection reset by peer
==> digitalocean: Destroying droplet...
==> digitalocean: Deleting temporary ssh key...
Build 'digitalocean' errored: Error shutting down droplet: Post https://api.digitalocean.com/v2/droplets/198964166/actions: read tcp 10.0.2.15:44558->104.16.181.15:443: read: connection reset by peer
I have an nginx image ans I am able to push it to openshift internal registry. However, when I try to use that image from internal registry to create an app, it gives me imagepullback error.
Below are the steps which I am following.
[root#artel1 ~]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
docker.io/nginx latest 231d40e811cd 4 weeks ago 126 MB
[root#artel1 ~]# docker tag 231d40e811cd docker-registry-default.router.default.svc.cluster.local/openshift/nginx
[root#artel1 ~]# docker push docker-registry-default.router.default.svc.cluster.local/openshift/nginx
[root#artel1 ~]# oc new-app --docker-image=docker-registry-default.router.default.svc.cluster.local/openshift/test-image
W1227 10:18:34.761105 33535 dockerimagelookup.go:233] Docker registry lookup failed: Get https://docker-registry-default.router.default.svc.cluster.local/v2/: x509: certificate signed by unknown authority
W1227 10:18:34.784988 33535 newapp.go:479] Could not find an image stream match for "docker-registry-default.router.default.svc.cluster.local/openshift/test-image:latest". Make sure that a Docker image with that tag is available on the node for the deployment to succeed.
--> Found Docker image 7809d84 (8 days old) from docker-registry-default.router.default.svc.cluster.local for "docker-registry-default.router.default.svc.cluster.local/openshift/test-image:latest"
OpenShift Node
--------------
This is a component of OpenShift and contains the software for individual nodes when using SDN.
Tags: openshift, node
* This image will be deployed in deployment config "test-image"
* Ports 53/tcp, 8443/tcp will be load balanced by service "test-image"
* Other containers can access this service through the hostname "test-image"
* WARNING: Image "docker-registry-default.router.default.svc.cluster.local/openshift/test-image:latest" runs as the 'root' user which may not be permitted by your cluster administrator
--> Creating resources ...
deploymentconfig.apps.openshift.io "test-image" created
service "test-image" created
--> Success
Application is not exposed. You can expose services to the outside world by executing one or more of the commands below:
'oc expose svc/test-image'
Run 'oc status' to view your app.
Events logs
34s 47s 2 test-image-1-dzhmk.15e44d430e48ec8d Pod spec.containers{test-image} Normal Pulling kubelet, artel2.fyre.ibm.com pulling image "docker-registry-default.router.default.svc.cluster.local/openshift/test-image:latest"
34s 46s 2 test-image-1-dzhmk.15e44d4318ec7f53 Pod spec.containers{test-image} Warning Failed kubelet, artel2.fyre.ibm.com Failed to pull image "docker-registry-default.router.default.svc.cluster.local/openshift/test-image:latest": rpc error: code = Unknown desc = Error: image openshift/test-image:latest not found
34s 46s 2 test-image-1-dzhmk.15e44d4318ed5311 Pod spec.containers{test-image} Warning Failed kubelet, artel2.fyre.ibm.com Error: ErrImagePull
27s 46s 7 test-image-1-dzhmk.15e44d433c24e5c9 Pod Normal SandboxChanged kubelet, artel2.fyre.ibm.com Pod sandbox changed, it will be killed and re-created.
25s 43s 6 test-image-1-dzhmk.15e44d43dd6a7b57 Pod spec.containers{test-image} Warning Failed kubelet, artel2.fyre.ibm.com Error: ImagePullBackOff
25s 43s 6 test-image-1-dzhmk.15e44d43dd6a10d9 Pod spec.containers{test-image} Normal BackOff kubelet, artel2.fyre.ibm.com Back-off pulling image "docker-registry-default.router.default.svc.cluster.local/openshift/test-image:latest"
Pod status
[root#artel1 ~]# oc get po
NAME READY STATUS RESTARTS AGE
test-image-1-deploy 1/1 Running 0 3m
test-image-1-dzhmk 0/1 ImagePullBackOff 0 3m
Where exactly things are going wrong ?
It looks like 'docker push' hasn't been completed successfully. It should return 'Image successfully pushed'.
Try to login to internal registry first (see accessing_registry), and recheck registry's service hostname or use service ip
I want to download Binary files for running Hyperledger Fabric. I am trying to execute this command. I am behind proxy too.
Also I have docker Installed, OS being used Win 10.
export HTTP_PROXY=http://172.16.30.30:80/
export HTTPS_PROXY=https://172.16.30.30:8080/
export NO_PROXY=localhost,127.0.0.1,::1
$ curl -sSL https://raw.githubusercontent.com/hyperledger/fabric/master/scripts/bootstrap.sh | bash -s 1.1.0 1.1.0 0.4.6
Installing hyperledger/fabric-samples repo
===> Checking out v1.1.0 of hyperledger/fabric-samples
HEAD is now at 1252c7a... [FAB-8920] Pin fabric-samples to node.js "~1.1.0"
Installing Hyperledger Fabric binaries
===> Downloading version x86_64-1.1.0 platform specific fabric binaries
===> Downloading: https://nexus.hyperledger.org/content/repositories/releases/org/hyperledger/fabric/hyperledger-fabric/windows-amd64-1.1.0/hyperledger-fabric-windows-amd64-1.1.0.tar.gz
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
100 28.0M 100 28.0M 0 0 91407 0 0:05:21 0:05:21 --:--:-- 145k
... Here 2 files are downloaded and Then i get this erros continiously
Warning: failed to get default registry endpoint from daemon (error during connect: Get https://127.0.0.1:2376/v1.37/info: dial tcp 127.0.0.1:2376: connectex: No connection could be made because the target machine actively refused it.). Using system default: https://index.docker.io/v1/
error during connect: Post https://127.0.0.1:2376/v1.37/images/create?fromImage=hyperledger%2Ffabric-peer&tag=x86_64-1.1.0: dial tcp 127.0.0.1:2376: connectex: No connection could be made because the target machine actively refused it.
error during connect: Post https://127.0.0.1:2376/v1.37/images/hyperledger/fabric-peer:x86_64-1.1.0/tag?repo=hyperledger%2Ffabric-peer&tag=latest: dial tcp 127.0.0.1:2376: connectex: No connection could be made because the target machine actively refused it.
==> FABRIC IMAGE: orderer
===> List out hyperledger docker images
error during connect: Get https://127.0.0.1:2376/v1.37/images/json: dial tcp 127.0.0.1:2376: connectex: No connection could be made because the target machine actively refused it.
I am using openshift and testing HA features, pods have been running on 2 nodes as the following:
$ oc get pods -o wide
NAME READY STATUS RESTARTS AGE IP NODE
hello-1-7j6zp 1/1 Running 0 18m 10.128.0.153 node1.exampledis.com
hello-1-mztf8 1/1 Running 0 18m 10.128.0.152 node1.exampledis.com
hello-1-pmz2g 1/1 Running 0 26m 10.130.0.46 node2.exampledis.com
I shutdown vm which runs as node2.exampledis.com, after about 1 minute, new pod begins to startup on node1, pod on node2 becomes "unknown", I think there should be some parameter to control the interval, who can share some points on this?
version:
oc v3.6.1+008f2d5
kubernetes v1.6.1+5115d708d7
features: Basic-Auth
Server https://master.exampledis.com:8443
openshift v3.7.9
kubernetes v1.7.6+a08f5eeb62
Best regards
Lan
Kubelet --sync-frequency parameter controls sync interval, as shown in kubelet doc
--sync-frequency: Max period between synchronizing running containers and config (default 1m0s)
I have pod and I am attempting to attach a persistent mysql storage to it. Then deployment starts and after waiting a while it fails with the following error on the log:
--> Scaling up php-4 from 0 to 1, scaling down php-1 from 1 to 0 (keep 1 pods available, don't exceed 2 pods)
Scaling php-4 up to 1
--> FailedCreate: php-4 Error creating: pods "php-4-" is forbidden: exceeded quota: compute-resources, requested: limits.cpu=1,limits.memory=512Mi, used: limits.cpu=2,limits.memory=1Gi, limited: limits.cpu=2,limits.memory=1Gi
error: timed out waiting for "php-4" to be synced
If this is caused by limits, how can I deploy a new version of a pod with new config if I can only use one at a time? Is there something that I am missing?
If you are at the limit on resources a rolling deployment will not work as you cannot create a new pod as that will exceed resource limits. You need to change the deployment strategy in the deployment config from Rolling to Recreate if you want to run at resource limits.